package com.mall.shiro;

import java.util.LinkedHashMap;

import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ShiroConfiguration {
	@Bean("shiroFilter")//5
	public ShiroFilterFactoryBean shiroFilter(@Qualifier("securityManager")SecurityManager manager) {
		
		ShiroFilterFactoryBean bean=new ShiroFilterFactoryBean();
		bean.setSecurityManager(manager);
		
		bean.setLoginUrl("login");
		bean.setSuccessUrl("/index");
		bean.setUnauthorizedUrl("/unauthorized"); // 设置无权限时跳转的 url;
		//设置路径拦截有先后顺序  上一个拦截通过就不会再去验证后面的了  设置路径拦截时要根据具体的业务来设置
		LinkedHashMap<String, String> filterChainDefinitionMap=new LinkedHashMap<>();
		filterChainDefinitionMap.put("/index", "authc");//需要登录
		filterChainDefinitionMap.put("/login","anon");//不需要登录
		filterChainDefinitionMap.put("/loginUser","anon");//不需要登录
		filterChainDefinitionMap.put("/admin", "roles[admin]");//只有拥有admin角色的用户才能够方法
		filterChainDefinitionMap.put("/edit","perms[edit]");//只有拥有edit权限的用户才能访问
		filterChainDefinitionMap.put("/druid/**","anon");
		filterChainDefinitionMap.put("/**","user"); //只要登录成功就能访问 有顺序 最好放在最下边
		bean.setFilterChainDefinitionMap(filterChainDefinitionMap);
		System.out.println("***********Shiro拦截器 工厂类注入成功***********");
		return bean;
	}
	
	@Bean("securityManager")//4
	public SecurityManager securityManager(@Qualifier("authRealm") AuthRealm authRealm) {
		DefaultWebSecurityManager manager= new DefaultWebSecurityManager();
		manager.setRealm(authRealm);
		return manager;
	}
	
	@Bean("authRealm")//3
	public AuthRealm authRealm(@Qualifier("credentialMatcher") CredentialMatcher matcher) {
		AuthRealm authRealm = new AuthRealm();
		authRealm.setCacheManager(new MemoryConstrainedCacheManager());
		authRealm.setCredentialsMatcher(matcher);
		return authRealm;
	}
	
	@Bean("credentialMatcher")//2
	public CredentialMatcher credentialMatcher() {
		return new CredentialMatcher();
	}
	
	/****************spring与shiro关联********************/
	@Bean//6
	public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(@Qualifier("securityManager") SecurityManager securityManager) {
		AuthorizationAttributeSourceAdvisor advisor =new AuthorizationAttributeSourceAdvisor();
		advisor.setSecurityManager(securityManager);
		return advisor;
	}
	@Bean //1
	public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
		DefaultAdvisorAutoProxyCreator creator=new DefaultAdvisorAutoProxyCreator();
		creator.setProxyTargetClass(true);
		return creator;
	}
}
